US State Dept. workers beg Clinton for Firefox
US State Department workers have begged Secretary of State Hillary Clinton to let them use Firefox. "Can you please let the staff use an alternative web browser called Firefox?" worker bee Jim Finkle asked Clinton during Friday's State Department town hall meeting. "I just moved to the State Department from the National …
Nothing is free if you wear a suit.
I have noticed a mixture of ignorance, incomprehension and terror at the thought of not having to pay for software. At least, that is the case with the entrenched Microsoft enthusiasts and with those who believe everything that FAST and other criminals tell them.
Here's a list of things that Firefox developers need to get their idealistic minds around:
Patches need to be deployable remotely from a management server like WSUS.
It needs to obey group policy (and not some half baked policy engine of its own using config files and rubbish like that, I mean group policy in active directory).
It needs to do something better than IE.
Do those three things and I'll welcome it with open arms. If I can't patch all of them locally without downloading 10,000 copies of the updates or if I can't change the proxy settings for 10,000 of them overnight without leaving my desk then Firefox can get the hell out of my office.
And it's also not going to happen if I can't install it on 10,000 machines without getting off my fat ass.
You don't work for a big company do you? Any software costs, if it needs to be packaged, rolled out, patched, administered (who can run it, who can't, who can administer it, who can't etc.)
Also, most companies/organisations take a single piece of software to do a single job, if you add to that, you add to your support overheads. This sort of decision is nothing to do with free software, or FAST, or Microsoft, it's just down to financial considerations and support quality.
I Wonder just how much of that US $1tn budget deficit ends up in a M$ bank account.
Mine is the one with M$ on the back and a extra large pocket to hold my wallet.
I thought that the look on the Big Hill's face when she was asked about Firefox was priceless.
As for the suit and the 'nothing is free' comment... the fact that he didn't say no right off is encouraging, and the fact that others in the government (even if they are rather smaller than the Giant Monolith which is the State Department) use it is also encouraging. Who knows? Sometime in the next two-three years the State Department may actually get around to installing Firefox 3.
This is why the government doesn't like to talk about how it does things without making it sound too complicated to tolerate. They have NO idea what they are doing, and seem completely unwilling to consult ANYONE who might know what they are doing... not to mention completely ignore those in the know, who are basically giving them the consultancy advice for free. AAAARGH!!! Unbelievable. Someone should forward this article to Clinton as it seems to put enough high level facts together for her without having to spend a huge amount of cash to an outside firm that charges out the ass. Apparently mindless government/corporate drones are the only ones who make decisions with bullet points only. How did stupid people take over anyway? How did no one notice?
I bet she would have listened to the guy if he drew up his suggestion in a power point presentation...
Why use something quick and clean (oh, yeah, and free!) when you can have an obsolete, buggy, insecure, crash prone resource hog and pay lots of money for multiple licenses? No problem, it is only tax money, so who cares - the peasants will pay, they have no choice.
This is the Microsoft tax on the US Government - turnabout is fair play!
Get Microsoft out of government - WE are paying for this crap!
""Nothing is free," Kennedy responded. "It’s a question of the resources to manage multiple systems. It is something we’re looking at...It has to be administered. The patches have to be loaded. It may seem small, but when you’re running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs [for remote log-ins] and other devices, you’re caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can’t do everything at once.""
-=-
Unfortunately the sad truth is that more than likely their websites are designed for IE6 and doesn't offer cross browser support. This means that they will have to do a lot of upgrade/maintenance work on their websites.
That's the real problem...
Fail the government's IT programs.
when one of the richest women in the world tells you to 'shop in your closet'. Hint: this is good advice for people who've got more money than they know what to do with.
Redouble this for people who are spending other people's money.
The only cost is the lazy techs making regular images for users disks, including the latest Firefox, at trivial extra cost. Firefox can download it's own updates, so they don't even have to be rolled out updates from an update server.
As for saving money, much smaller government would help in the USA, and on this side of the Atlantic.
It a real pity our immigration wasn't more competent at ejecting fraudulent immigrants, instead we have these frauds sucking as gatekeepers, politicians, and in other sensitive positions!
Very little. MS has to get inline behind things like the banks.
I actually see little wrong with the answers given to the people asking about Firefox at the US State Dept.
"The Vociferous Time Waster" made some excellent points. Firefox is no "freer" than IE, and in a large organization, the costs of deploying any technology are only slightly influenced by what you pay for it in currency. The cost of deploying, managing, supporting, updating and so on BY FAR trump the acquisition costs - many studies have been done on this. It was actually the impetus for coining that ugly term/acronym "TCO" - "Total Cost of Ownership".
Historically I've been not particularly enamored of using FF in a large setting because Mozilla never seemed to give a leap about making it centrally-manageable or easily locked-down. Only recently, after many years, are they making a tiny effort in this regard. I sure as hell don't need users installing a bunch of crappy add-ons whenever they want to, many of which may be designed to circumvent I.T. policies, for example.
Another problem is that FF add-ons are installed on a PER-USER basis, which is a really craptastic thing in an organization where you have to support lots of users.
Lastly - don't for a minute think that FF is automatically "safer" than IE. As FF's marketshare goes up, so do the exploits for it.
Just last week as I was in the middle of installing updates on a laptop for a staff-member, I needed to look up something online, and stupidly (because I was in a hurry and didn't want to go to a different machine) did it with the old version of FF on there. So - did a quick Google search, clicked a couple of links, BLAMMO - machine got hit with a drive-by iFrame exploit, followed by download of a malicious PDF file (exploiting older version of Adobe Reader), and a trojan.
I always prefer to avoid IE whenever possible myself - and sometimes even disable it on user systems I manage - but FF is not the be-all/end-all to all the world's browser problems either.
The cost of using a piece of software is not just the price of a license: it is also the cost of supporting it and verifying your apps will work with it. You have to pay the techs and sysadmins to support it and you have to qualify your existing systems to run on it. If you are an IE shop then you must account for the time and therefore cost of training your techs on FF.
So, sure the browser is free, but implementing it is not. If State has in house web apps designed for IE then in all likelyhood those apps must be modified to work properly on Firefox. This is because IE and FF do some things differently - ever try writing cross browser CSS and DOM-scripted apps? There are lots of pitfalls in the differences of implementation between the two browsers - and since State has never used FF you can take it as given that it's web apps need some changes for FF. If some web app craps out on a shiny new FF roll-out you still have to pay people to fix the web app - that takes time and money, probably at overtime rates.
If you have a small shop, then switching, or supporting both browsers, may be pretty simple. The bigger an organization gets the more work is involved in this kind of thing. State is a very big organization!
This stuff is obvious to anyone who's worked as a LAN admin, sysadmin, network manager, CIO, what-have-you. It may not be obvious to people running small shops or to home users.
I'm using FF 3.5 on Fedora Linux and I do have Flash installed correctly.
The video noted in the article refuses to run!
Now then, Scott 7, I suppose if you were State's CIO you would fix that for me and the rest of State single handedly and at no charge, wouldn't you? You'd work over night if required too.
No, I thought not.
http://secretaryclinton.wordpress.com/2009/07/10/secretary-clintons-diplomacy-town-hall/
The crowd goes wild at 26:30
It's not official, but someone's making it easier to manage.
Frontmotion's version of Firefox has proper Group Policy support (and System Policy if you're using Samba or NT4 domains), and they package it up as MSIs that support silent installation. It's working for me in a school with around 100 computers.
So to those who think managing the install is too hard, go and have a look.
Of course if the issue is badly designed internal web systems, then there's no one to blame but themselves, and to be honest, they should fix it because even IE is moving away from those dodgy hacks.
Quote: "Just last week as I was in the middle of installing updates on a laptop for a staff-member, I needed to look up something online, and stupidly (because I was in a hurry and didn't want to go to a different machine) did it with the old version of FF on there. So - did a quick Google search, clicked a couple of links, BLAMMO - machine got hit with a drive-by iFrame exploit, followed by download of a malicious PDF file (exploiting older version of Adobe Reader), and a trojan."
Let's see: a) you used an old version of FF, b) you clicked on a malicious link, and c) you hadn't updated Reader, is that right? What OS was this on and what anti-malware was installed?
1) How would this have been different if you'd used IE?
2) Please tell us that you don't hold a position of authority in your IT dept.
In addition to the costs of ownership and the costs of deployment, there's what might be called the "Price of Staying". When the PoS is more expensive than the price of something newer and better, then you have a case for moving. In the case of IE6, I would imagine the PoS is pretty costly.
In 1900 when everything on the roads was horse drawn, it would have looked expensive to start using that strange contraption called a horseless carriage.
Eventually even Government Depts. creep up to do what the rest of the world is doing.
He claims to be an expert but gets duped into installing trojans, probably thinking he was clever looking for cracks or password generators.
" Firefox can download it's own updates, so they don't even have to be rolled out updates from an update server"
That is the point you muppet!
Say the latest FF downloads an update that then cripples 30,000 pc's (not a pissy little 100). Which poor bastards then has to go around and remove the latest version and reinstall an older version. oh look it's just decided to do an update.
An what's the point of comparing i.e with the latest version of FF. At least compare it to i.e8.
And as for FF being free. you stupid dumb asses. Hands up all those people that have payed for i.e.? If they are running windows then the stupid arguement that FF is free is pointless, so is i.e.
And before the rants that I'm a fanboi, nope looking at my pc I have i.e & FF. I use what I need to use, end of.
They should just update to IE8 and ignore the freetards who don't understand IT system administration!
And in this place it's free to the company as well, but then I work in a software house and we kinda know how to keep our own stuff up to date (and how to really break it, ahem). We're also small-ish, so I can wander over to internal support and grab the CD of drivers (or whatever I need) in an informal manner.
This simply does not work in a large company, you have to retain control for the sake of sanity. Almost no one in the State Dept will be a geek-nerd-techie. They'll be analysts etc who see the PC as an appliance, nothing more. FF might be "better", but rolling that out, training people (trust me, there are people who will need it), controlling plugins etc costs.
Then there are upgrades. AFAIK there is no central way to control FF upgrades, so quite quickly you'll have people running different versions and that could cause problems. Also, there are some security flaws in FF that still need to be addressed (e.g. silent install of plugins for all users).
I use FF as I prefer it to IE, but I can understand completely why it might be expensive to switch in a controlled environment. Many freetards are simply bedroom geeks who don't understand the realities of real-world computing. You cannot simply let the end suer install what they like, or hack around as they like.
Untill the open source community gets a grip and starts offering some kind of OS/network integrated patch control, then it is going to remain in the home and on the fringe. I am perfectly aware of repositories etc on Linux distros, but I still would not call that "controlled" in the internal IT sense of the word (being able to force roll-outs etc).
I think that was exectly the point, if the software had been standard software, it would have been packaged, it would have been up to date and gone on without any problems at all, there would have been no room for user (well, administrator) error. This is an example of where non-standard software (non-standard within a company, that is) can cause problems.
Fraser. "You don't work for a big company do you" Unless were talking FTSE 100 company you can keep schtum. What you go on to say is technically correct, but there is no need to be such a monumental dick to begin with. It's horses for courses. By the sounds of things, you're not in management are you. I'd discuss policy making but you wouldn't understand.
Phil Koenig. Lets get one thing straight. What happened to you was down to your lackadaisical approach to securely in fixing the laptop. This would have happened if you were useing MSIE or FF. What site were you on to be clicking on malicious links to download infected PDF files? It cannot have been legit site. If it were, did you at least let them know? Believe me, if you had been working for me, we would have had a rather long and serious discussion about the future of your employment.
E 2 "Case in point!" You are talking about a 3rd party plugin on a different OS platform that doesn't really have anything to do with the browser in the way you are implying. I've personally had flash videos not work in Internet Explorer on Windows XP. It highlighs nothing other than flash support on Linux can be patchy and that you haven't managed to grasp the simple fundaments of what is being discussed - for the record, the perceived difficulty in a mass roll out and maintenance of Firefox installed on a Windows network at the request of the majority of users. Feel free to publish a real world example of a real issue. Flash not working well on Linux isn't one.
This story is a bit of flame bait, and a justified dig at HC and the State Department. The response of Pat Kennedy answered the initial question adequately and responsibly, although it is clear that other govenment departments are using Firefox. All that it required to move this proposal forward, other than a lot of man hours(!), is a little bit of common sence and communication between government departments. It'll never happen!
No it does nto need to conform to AD policies. Otherwise I would need to find another browser that allows me to change basic settings because retard MIS staff think its a great ieda to change my home page at random times and other stupidities.
it is telling that they all use firefox so as to avoid their own policies as well.
The Wintards are using the 'lack of exploits is because of low market share' line again. So how come IIS is constantly getting knocked over, while Apache soldiers on with a decent security record?
Also: Vociferous Time Waster: Basically what you're saying is that because you lack the skills to administer multiple systems without a point-and-drool interface, you will continue to use inferior software because such an interface has been supplied (restricted for purposes of monopoly protection) by an incompetent vendor. In other words, your users would get a better browser, but unfortunately you're a charlatan.
Not so funny if you have to work with the POS yourself
"Eventually even Government Depts. creep up to do what the rest of the world is doing." ... Cost of Change By elderlybloke Posted Tuesday 14th July 2009 04:45 GMT
To delay in the Virtual Environment has One Exponentially Always Behind Lead with Controls in ITs Powers. And One Requires a Prodigious Mentor in those Perfect Circumstances 42 Guarantee Success in the Most Chaotic of Silent and New World Order Programs, Sub-Prime Mimics of Magic MoJo Circles.
And much More JuJu than Wall Street can Imagine and that Provides the Force Stealth for Invisible Invasive Pervasive Action/Systems Infection.
----
They should just update to IE8 and ignore the freetards who don't understand IT system administration!
----
Except, of course, that IE8 is more akin to Firefox than it is to IE6 - if they're jumping from IE6 to IE8 and their intranet systems are all full of shonky hacks that won't work in IE8 (compatibility mode isn't 100%) then they'd be just as stuffed as they would be should they have moved to FF in the first place.
However, when managing a huge install base it may be better to force an IE8 roll-out (intranet issues notwithstanding), at least it's less crap than IE6 and can be centrally managed.
Upgrading to IE8 isn't necessarily the best idea, a friend of mine works for a major software company which attempted that and it caused chaos! Took a strong dislike to most of their standard webapp front ends (which were fully compliant and working fine under IE7), wouldn't retain crucial settings, and was a pain to uninstall too. They're back on IE7 and not planning a second go in the immediate future.
As for my (also major) company, we're only just about to upgrade to IE7...
Abrupt, yes I admit, monumental dick not really... Also my point isn't just technically correct (the best kind of correct), if your company is running more than a handfull of desktops they should be using proper packaging, distribution and management techniques, this is not something that is limited to major companies. Think about how long it will take to get a workstation back after it's died then think about what happens if your office goes and you have to get them all back. That is why even small companies need proper IT, in fact it can be quite easily argued that a small company needs it more due to their general lack of more than one or two IT guys.
I don't work in management, but I have worked in DR/storage long enough to know what I'm talking about.
There's a surprising number of people here who apparently manage tens of thousands of desktops yet, astonishingly, seem unable to script a firefox install.
I manage nothing like that number of desktops, but I install Firefox and its updates by script without ever visiting a physical client machine.
Sure the additional costs of supporting a second browser are valid, but the idea that Firefox is difficult to deploy is tosh. It could be easier. Group Policy support would be nice, but even without that, it's trivial to get it and its patches as they are released onto user desktops.
By my count, probably $500, possibly more for IE. Firefox on the other hand I've never paid a cent for. See, I don't count IE as free just because MS says it is, I figure I'm paying for it every time I pay for the browser.
Oh, and for all you whiners complaining about not being able to mass deploy FF, somehow or another we seem to be managing, including plug-ins we expect to be standard. No Group Policy or SMS required. And if an update were to "hoseify" a bunch of user systems, I'm reasonably confident I could get the browser removed from them in about 15 minutes.
Typed from my 3.x Firefox browser.
One last thing. While it is technically true that no software is free because they all cost something to support, Firefox has always struck me as a non-brainer for deployment. All those IE-only sites will still work. You just have to open IE for those sites instead, while Firefox can be used for the rest of the web. And you'll always be supporting IE, because even the EU isn't going to manage to force MS to build their OS the way it should have been built and therefore be browser agnostic. Until Opera put the web server component in, I would have classed Opera the same way. My preference is Firefox, but as a support worker I prefer, within reason, to deploy whatever tools make the rest of the company more efficient.
as has already been picked up on, how can you possibly blame Firefox for your own incompetency ?
"Nothing is free," Kennedy responded. "It’s a question of the resources to manage multiple systems. It is something we’re looking at...It has to be administered. The patches have to be loaded. It may seem small, but when you’re running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs [for remote log-ins] and other devices, you’re caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can’t do everything at once."
I have to say, I'm pleasantly surprised by the technical knowledge displayed in this answer.
Sure, if you give your users local admin rights you can let them update FF themselves. What could possibly go wrong...
On the other hand, a proper software deployment tool will have no problems handling FF as well as the dozens of other idiosyncratic stuff from crack-addled vendors it undoubtedly already does.
@AC 7:19 "And as for FF being free. you stupid dumb asses. Hands up all those people that have payed for i.e.? If they are running windows then the stupid arguement that FF is free is pointless, so is i.e."
I reckon I've paid for ie many times over. Don't get us started estimating the real cost of ie.
OK. Monumental was an overstatement. Frankly, I don't care about the technical accuracy, that goes out the window with the arrogance. Proper packaging and management techniques does not mean Microsoft's way is the only way. If you are a big corporation, you should have adequate planning and policy for the type of contingency that you mention. If it happens consistently or concurrently over multiple machines, get in touch with the software or hardware partner/reseller or manufacturer and get them to investigate it - or at least help - because something is seriously wrong. With news like http://www.theregister.co.uk/2009/07/14/unpatched_activex_bug/, properly managed updates won't save you and more secure software, irrespective of whether or not it takes a bit more effort to administer, is the best *business* option - after all it's what you are paid to do.
As usual - selfcentered arrogance is not limited to some badly adviced and uninformed users but can easily be found among IT managers and IT "experts".
I find it amazing that so many of us within the IT area are so blatantly arrogant that we would on one hand set oursevles to dictate our end-users software selection (and limit this to IE for example) - while at the same time not hesitate to install FF (or whatever we fancy) on our own computer. This "I know better then the dumb end-user I support" attitude is unfortunately not all that unusual...
It does not seem to occur to many IT support "experts" that those (other) end-users (whos work they both support and interfere in) are usually the ones who are core to the business of the company they are working in... As most companies do not have IT support their core business...
I work for the MoD and we're running XP machines with IE6. That level of crapness gets in the way of your work to quite a large degree. IE7 (and now 8) have been around for a while, and while FF may be hard to install easily, IE7 and 8 will have been designed by MS to be as easy to deploy as IE6.
Being a real weirdo, I still use Opera as my everyday browser. But I have issues with a number of web pages which don't render properly or sometimes complete lack of funtionality with anything other than IE. I am assuming this is because a certain (growing?) amount of html code is now non-standard and since this is being driven by people running IIS, is FF able to handle this?
I'm not suggesting the SD should go for Opera, but if FF has the same issues then I can see a reluctance on the part of big agencies.
"An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems. Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June."
http://www.theregister.co.uk/2009/07/14/unpatched_firefox_bug/
The way I see it... every browser sucks... and blows... at the same time!
Technical accuracy being the best kind of accuracy is a joke, it comes from Futurama. I was trying to make light of being called a dick.
Anyway, the point I was trying to make was: If you need for whatever reason to build a lot of machines (usually a disaster of some sort, or rollout to a new building.), you need everything to be packaged and run from an automated system of some sort. I don't care if it's Windows, Linux, Unix, Apple etc, it's just common sense. If you let you end users have everything they want, you need to have it all packaged, not manually installed ad hoc.
I don't really care about individual bugs (you'll see a new FF bug has just been announced), if a company has standardised on one package for X when that package is as rooted into a company as a browser, it's not really a cost effective idea to roll out another. If the business want it, understand any potential limitations and can afford the cost, fine. Although I have been in IT long enough to see several business 1off requirements like this go tits up and the IT department be saddled with the blame when all risk was clearly explained to the business beforehand.
..is one that is switched off, at the bottom of a pit and then that pit backfilled with reinforced concrete. Every other computer is vulnerable. *EVERY* single one.
The question is just; how vulnerable and how hard do the bad guys wanna try?
FF used to be a fringe browser, so it was safe as the bad guys didn't want to try too hard. But now it is mainstream, the bad guys really wanna get in. So if FF up to the job?
No, not really. Not without AdBlock and NoScript (can they be centrally controlled? Nup)
IE, of course, is not any better really. But sometimes the devil you know.....
Apparently some of the posters have never tried to support Civil Servants. It has taken some of them half their adult lives to learn to use MS WIndows and IE. Procedural handbooks that look like children's pop-up books are sometimes necessary. The IT folks at State are likely well aware and supportive of FireFox but they also know from experience what it would take to support the change.
This is why the US DOJ refused to enforce US Antitrust law upon Microsoft.
The truth is that the US Appellate courts decided that commingling code between the OS and IE was in fact illegal. But, the US DOJ refused to enforce that decision in the DOJ vs. Microsoft case simply because it mandates another monopoly for Microsoft.
Just look how difficult and expensive it is for any government department to not use Microsoft's browser exclusively.
It is called precluding competition by forcing the use of a monopoly product. And the US DOJ is guilty of violating the very laws they swore to uphold.
If you are ignorant you do not know that.
The point of my case in point is that the end users will call support and they don't care or perhaps even know that Flash and FF are really two different products. Support still has to deal with it. Obviously State is not talking about running Linux, but my example still illustrates that a new browser may have issues, and support still has to deal with them.
As for dismissing my example: I work in a Linux shop - several hundred people using Linux on the desktop. Don't tell me that Flash/FF just *did* work properly for me, I clearly observed that it did not. But... I never have problems with YouTube or Google video on the very same machine. I suspect you will now dismiss me as a luser - but the fact remains that support in State would still have to deal with the problem.
"The point of my case in point is that the end users will call support and they don't care or perhaps even know that Flash and FF are really two different products. Support still has to deal with it. Obviously State is not talking about running Linux, but my example still illustrates that a new browser may have issues, and support still has to deal with them."
As stated, I've had the same problem with Internet Explorer, which would also have to be supported. I didn't say that you were wrong. It still doesn't change the fact that your 'point' has no relevance to the 'debate'. It's a 3rd party plug-in that is commonly known to have flaky support and reliability on a completely different OS by those that use and support it. It's the same as saying Safari runs really well on OS X, let use that on Windows. It bares no relevance to the conversation. Besides, from a security point of view, I'd be disappointed if the State Department, or for that matter any serious IT department deployed Flash unless absolutely necessary.
Well, all I really care to says is this: (1) if you (AC) arrogate defining what the debate is about then you can use that to make anyone's point that you disagree with irrelevant; (2) granted many people here are talking about roll-outs, packaging and the like, doesn't mean I can't say something about web app compatibility - for which see my first post on this thread, my case in point was a follow-up to my initial post.
Have a nice day, and do try to engage with people who do not see things all your way - it will broaden your mind, ans this is something you would likely benefit from.
